Information security isn't solely the responsibility of your IT department. Cyber security isn't just about technology; it involves people, which is why HR leaders are increasingly asked to get involved.

By the year 2021, experts predict the annual cost of cyber crime will be a staggering $6 trillion. Building organization-wide efforts around information security is crucial to protecting your organization from an expanding range of threats. For HR leaders, purpose-driven collaboration with internal and external experts is one important way to reduce your human-related security risks.

1. Employee awareness

Hackers are a major threat, but they're not the worst thing you're up against. Your employees are your organization's single biggest risk. Studies reveal that insiders cause the largest percentage of security risks. While some of these incidents are malicious or involve criminal collusion, the vast majority are related to simple, preventable mistakes. Employees may innocently click a link in an email or download malware because they lack the knowledge to identify a threat.

Today, just 53 percent of organizations have official security awareness training in place. HR must collaborate with IT and external vendors to develop regular awareness exercises for talent.

2. Smarter policies and position descriptions

At an organization that's achieved a culture of information security, the responsibility of the individual to protect sensitive data should be clear. HR may need to collaborate internally or externally with IT consultants on how to bring documentation up to date. If your position descriptions do not address information security, they may need to be revised to include:

  • Acceptable technology use
  • Password format and changes
  • Employee ethics
  • Data protection responsibility and practices

3. Crisis management planning

If your organization is ever subject to a security incident, restoring operations quickly can be critical to minimizing revenue loss and maintaining client loyalty. While business continuity is typically an organization-wide effort, HR may be called upon to support efforts to educate employees on crisis behavior and analyze the "people" side of disaster recovery.


Some experts, including IBM Analyst Diana Kelley, believe it's not a question of "if" your organization will suffer a security incident, but "when." Organization-wide efforts can mitigate your firm's financial loss and prepare you for the best response possible.

HR leaders have the potential to drastically reduce risks by supporting security initiatives, improving employee awareness through training and bringing HR documentation up to date. Internal collaboration matters, but external collaboration with IT consultants or talent sourcing experts can also deliver value. Information security requires technical and human safeguards, and making sure your policies, people, staffing and documentation are up to par is a critical method of reducing your risks.